Using crontab in a jailed enviroment

Discussion in 'Server Operation' started by daveb, Feb 23, 2008.

  1. daveb

    daveb Member

    The last few days I been trying to get crontabs working in a chroot jail so users within that jail can add cron jobs. So far I am able to create cron jobs via crontab via jailed users which is getting me closer to the goal. The problem at the moment is the cron jobs are not executed and I can find no log info of errors . This is currently what I have done and would appreciate any help on this.
    Code:
    using a debian etch base install nothing more for testing
    I did this using the howto http://www.howtoforge.com/chroot_ssh_sftp_debian_etch
    using section 2 - 2.3 of howto
    
    apps added to create_chroot_env script:
    /bin/cat
    /bin/chmod
    /bin/touch
    /bin/nano
    /usr/bin/editor
    /usr/bin/crontab
    /usr/bin/nano
    /usr/sbin/cron  <-- not sure if needed within chroot..
    
    dir's and files added to chroot enviroment:
    cd /home/chroot
    mkdir lib/terminfo
    mkdir lib/terminfo/x
    cp /lib/terminfo/x/* ./lib/terminfo/x/
    mkdir tmp
    chmod 1777 tmp
    mkdir var
    mkdir var/spool
    mkdir var/spool/cron
    mkdir usr/sbin
    cp -R /var/spool/* ./var/spool/
    cp -R /var/spool/cron/* ./var/spool/cron/
    chmod 1733 var/spool/cron/crontabs        <--- confused as I had to add chmod "other with writable and exacutable permisions"
    chown root:crontab var/spool/cron/crontabs
    chown daemon:daemon var/spool/cron/atjobs
    chmod 1770 var/spool/cron/atjobs
    chown daemon:daemon var/spool/cron/atspool
    chmod 1770 var/spool/cron/atspool
    Thanks Dave
     
  2. falko

    falko Super Moderator

    Are you using full paths for your cron jobs?
     
  3. daveb

    daveb Member

    falko, over that last few days I have tried both full path and chroot'd path with no success.
     
  4. falko

    falko Super Moderator

    Can you become a chrooted user and try to execute one of the cron jobs as this user from within the chroot jail?
     
  5. daveb

    daveb Member

    Yes as the jailed user I can execute. as testuser I can crontab -l and get list of tasks, but if I am root and check the crontab -u testuser -l their is no crontab listed. Could it be that cron isnt aware that their are crontabs within the jail.
    Maybe Hans has got a bit further then I have.
     
    Last edited: Feb 25, 2008
  6. falko

    falko Super Moderator

    Hm... Not sure where the problem is... :(
     
  7. daveb

    daveb Member

    yea I am a bit confused. I am anxiously waiting to see if Hans might have had any luck over the weekend. either way I will keep trying.
     
  8. Hans

    Hans Moderator

    @Daveb,

    This weekend i had some time to test your solution. Thanks! With your solution i can create cron tabs indeed for the jailed system users which are created by ISPConfig. Now, I have the same problem as you do: the cronjobs can't be executed. I don't want to do some tricky things, as i don't want to screw the configuration of my testserver.

    In the past i had also a problem with executing cronjobs...
    What i did was:

    /etc/init.d/cron stop
    pkill cron (Make sure no cron processes are left.)
    Edit your crontab (crontab -e) and save it again.
    Then restart cron: /etc/init.d/cron start

    Let's see if it also helps for crontabs created by jailed users...

    ***DEDIT***
    This is no solution...It doesn't work for me.

    We really want to make crontabs/jovs available for jailed users. Does anyone know a solution?
    After some puzzling, any help is welcome!
     
    Last edited: Feb 28, 2008
  9. daveb

    daveb Member

    I am curious since cron is a daemon should we edit /etc/init.d/cron so that cron now knows the location within the jail.
     

Share This Page